RHEL7RC+EPEL版Dockerã®å‰æã§è§£èª¬ã—ã¾ã™ã€‚RHEL7RCを最å°æ§‹æˆã§å…¥ã‚Œã¦ã€æ¬¡ã®æ‰‹é †ã§Dockerã‚’å°Žå…¥ã—ã¾ã™ã€‚
# yum -y install bridge-utils net-tools # yum -y install http://download.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.1.noarch.rpm # yum -y install docker-io # systemctl enable docker.service
DockerãŒè¨å®šã™ã‚‹iptablesã®å†…容を見るãŸã‚ã«ï¼ˆè¦‹ã‚„ã™ãã™ã‚‹ãŸã‚ã«ï¼‰ã€firewalldã‚’åœæ¢ã—ãŸä¸Šã§dockerサービスを起動ã—ã¾ã™ã€‚
# systemctl stop firewalld.service # systemctl mask firewalld.service # systemctl restart docker.service
ã¾ãšã¯æ™®é€šã®èª¬æ˜Ž
dockerサービスを起動ã™ã‚‹ã¨ã€ã‚³ãƒ³ãƒ†ãƒŠæŽ¥ç¶šç”¨ã®ä»®æƒ³ãƒ–リッジ「docker0ã€ãŒç”¨æ„ã•ã‚Œã¾ã™ã€‚
# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.56847afe9799 no
# ifconfig docker0
docker0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 172.17.42.1 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::5484:7aff:fefe:9799 prefixlen 64 scopeid 0x20<link>
ether 56:84:7a:fe:97:99 txqueuelen 0 (Ethernet)
RX packets 10956 bytes 600362 (586.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 19642 bytes 27720858 (26.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ã“ã®ãƒ–リッジã¯ã€ç‰©ç†NICã¨ã¯æŽ¥ç¶šã—ã¦ã„ãªã„ã®ã§ã€å¤–部ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã¨ã‚³ãƒ³ãƒ†ãƒŠãŒç›´æŽ¥ã«é€šä¿¡ã™ã‚‹ãŸã‚ã®ã‚‚ã®ã§ã¯ã‚ã‚Šã¾ã›ã‚“。iptablesを見るã¨æ¬¡ã®ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚若干ã€å¤‰ãªãƒ«ãƒ¼ãƒ«è¨å®šã§ã™ãŒã€å°‘ãªãã¨ã‚‚ã€docker0ã«æŽ¥ç¶šã—ãŸã‚³ãƒ³ãƒ†ãƒŠã‹ã‚‰å¤–部ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã¸ã¯ã€IPマスカレードã§å‡ºã¦ã„ã‘るよã†ã«ãªã£ã¦ã„ã¾ã™ã€‚
# iptables-save | grep -v "^#" *nat :PREROUTING ACCEPT [1:100] :INPUT ACCEPT [1:100] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :DOCKER - [0:0] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER -A POSTROUTING -s 172.17.0.0/16 ! -d 172.17.0.0/16 -j MASQUERADE COMMIT *filter :INPUT ACCEPT [133:10308] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [72:9600] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i docker0 ! -o docker0 -j ACCEPT -A FORWARD -i docker0 -o docker0 -j ACCEPT COMMIT
CentOS6ã®ã‚¤ãƒ¡ãƒ¼ã‚¸ã‚’ダウンãƒãƒ¼ãƒ‰ã—ã¦ã€ã‚³ãƒ³ãƒ†ãƒŠã‚’èµ·å‹•ã—ã¦ã¿ã¾ã™ã€‚
# docker pull centos # docker run -it centos /bin/bash
コンテナ内部ã«ã¯eth0ãŒã‚ã£ã¦ã€å¾Œã§ã¿ã‚‹ã‚ˆã†ã«ã€ã“ã‚Œã¯ãƒ–リッジ「docker0ã€ã«æŽ¥ç¶šã•ã‚Œã¦ã„ã¾ã™ã€‚docker0ã¨åŒã˜ã‚µãƒ–ãƒãƒƒãƒˆã®IPãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ãŠã‚Šã€docker0ã«pingãŒå±Šãã¾ã™ã€‚IPマスカレードã§ã‚¤ãƒ³ã‚¿ãƒ¼ãƒãƒƒãƒˆã¾ã§å‡ºã¦è¡Œãã“ã¨ã‚‚ã§ãã¾ã™ã€‚
bash-4.1# ifconfig eth0
eth0 Link encap:Ethernet HWaddr 26:B7:4A:7F:01:BC
inet addr:172.17.0.2 Bcast:0.0.0.0 Mask:255.255.0.0
inet6 addr: fe80::24b7:4aff:fe7f:1bc/64 Scope:Link
UP BROADCAST RUNNING MTU:1500 Metric:1
RX packets:7 errors:0 dropped:2 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:558 (558.0 b) TX bytes:648 (648.0 b)
bash-4.1# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
bash-4.1# yum -y install iputils traceroute
bash-4.1# ping -c1 172.17.42.1
PING 172.17.42.1 (172.17.42.1) 56(84) bytes of data.
64 bytes from 172.17.42.1: icmp_seq=1 ttl=64 time=0.104 ms
--- 172.17.42.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.104/0.104/0.104/0.000 ms
bash-4.1# traceroute -I 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 172.17.42.1 (172.17.42.1) 0.096 ms 0.018 ms 0.012 ms
2 192.168.122.1 (192.168.122.1) 0.234 ms 0.212 ms 0.204 ms
...(ä¸ç•¥ï¼‰...
15 209.85.243.156 (209.85.243.156) 72.423 ms 71.965 ms 71.918 ms
16 209.85.244.25 (209.85.244.25) 90.231 ms 89.823 ms 89.788 ms
17 * * *
18 google-public-dns-a.google.com (8.8.8.8) 70.944 ms 70.928 ms 71.182 msコンテナを起動ã—ãŸã¾ã¾ã€åˆ¥ç«¯æœ«ã‹ã‚‰ãƒ›ã‚¹ãƒˆLinuxã«å†ãƒã‚°ã‚¤ãƒ³ã—ã¦ã€ãƒ–リッジdocker0を見るã¨ã‚³ãƒ³ãƒ†ãƒŠå†…ã®eth0ã®ç‰‡å‰²ã‚Œã®vethãŒæŽ¥ç¶šã•ã‚Œã¦ã„ã¾ã™ã€‚
# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.56847afe9799 no veth452d
# ifconfig veth452d
veth452d: flags=67<UP,BROADCAST,RUNNING> mtu 1500
inet6 fe80::874:87ff:fe84:6aa2 prefixlen 64 scopeid 0x20<link>
ether 0a:74:87:84:6a:a2 txqueuelen 1000 (Ethernet)
RX packets 4479 bytes 310641 (303.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 7727 bytes 10625737 (10.1 MiB)
TX errors 0 dropped 1 overruns 0 carrier 0 collisions 0veth(Virtual Ethernet)ã¯ã€ã‚¯ãƒã‚¹ã‚±ãƒ¼ãƒ–ルã§ç›´çµã•ã‚ŒãŸä»®æƒ³NICã®ãƒšã‚¢ã‚’作るLinuxã®æ©Ÿèƒ½ã§ã€ãƒãƒ³ãƒçµµã«ã™ã‚‹ã¨ã“ã‚“ãªçŠ¶æ…‹ã«ãªã‚Šã¾ã™ã€‚
ã¡ãªã¿ã«ã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã®IPアドレスãŒã©ã®ã‚ˆã†ã«è¨å®šã•ã‚Œã¦ã„ã‚‹ã‹æ°—ã«ãªã‚‹ã‹ã‚‚知れã¾ã›ã‚“。
「DHCPã˜ã‚ƒãªã„ã®ï¼Ÿã€
ã¨æ€ã£ãŸã‚ãªãŸã€
残念。。。。。。OpenStackã®å‹‰å¼·ã®ã—éŽãŽã§ã™ã€‚。。。。。。
コンテナã®ä¸ã§å‹•ã„ã¦ã„ã‚‹ã®ã¯ã€bashã ã‘ã§ã™ã€‚ã©ã“ã«ã‚‚DHCPクライアントã¯ã‚ã‚Šã¾ã›ã‚“。
bash-4.1# ps -ef UID PID PPID C STIME TTY TIME CMD root 1 0 0 05:45 ? 00:00:00 /bin/bash root 79 1 0 06:13 ? 00:00:00 ps -ef
実ã¯ã€ã“ã®ã‚¢ãƒ‰ãƒ¬ã‚¹ã¯ã€DockerãŒã‚³ãƒ³ãƒ†ãƒŠã‚’作æˆã—ãŸéš›ã«ã‚³ãƒ³ãƒ†ãƒŠã®ä¸ã«å…¥ã‚Šè¾¼ã‚“ã§ã€ç‹¬è‡ªã«IPアドレスをè¨å®šã—ã¦ã„ã¾ã™ã€‚ã‚‚ã†å°‘ã—æ£ç¢ºã«ã„ã†ã¨ã€ã“ã®ã‚³ãƒ³ãƒ†ãƒŠã®ã€Œãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ãƒãƒ¼ãƒ スペース(netns)ã€ã«å…¥ã‚Šè¾¼ã‚“ã§è¨å®šã—ã¦ã„ã¾ã™ã€‚
コンテナã®netnsã«æ½œã‚Šè¾¼ã‚€
ãã‚Œã§ã¯ã€ã¡ã‚‡ã£ã¨ã—ãŸãŠéŠã³ã§ã€ãƒ›ã‚¹ãƒˆLinuxã‹ã‚‰ã‚³ãƒ³ãƒ†ãƒŠå†…ã®netnsã«æ½œã‚Šè¾¼ã‚“ã§ã¿ã¾ã—ょã†ã€‚コンテナã¯ã€ãƒ—ãƒã‚»ã‚¹ã®å®Ÿè¡Œç’°å¢ƒã‚’分離ã™ã‚‹æ©Ÿèƒ½ã§ã™ãŒã€ã€Œãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ç’°å¢ƒã®åˆ†é›¢ï¼netnsã€ã€Œãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ ã®åˆ†é›¢=mntnsã€ã€Œãƒ—ãƒã‚»ã‚¹ãƒ†ãƒ¼ãƒ–ルã®åˆ†é›¢=pidnsã€ã®ã‚ˆã†ã«åˆ†é›¢ã™ã‚‹ãƒªã‚½ãƒ¼ã‚¹ã”ã¨ã«åˆ¥ã€…ã®ãƒãƒ¼ãƒ スペース機能ã§åˆ†é›¢ã—ã¦ã„ã¾ã™ã€‚ã—ãŸãŒã£ã¦ã€ãƒ›ã‚¹ãƒˆLinuxã‹ã‚‰ã‚³ãƒ³ãƒ†ãƒŠå†…ã®netnsã«æ½œã‚Šè¾¼ã‚€ã¨ã€ãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ やプãƒã‚»ã‚¹ãƒ†ãƒ¼ãƒ–ルã¯ã‚³ãƒ³ãƒ†ãƒŠã®å¤–å´ï¼ˆãƒ›ã‚¹ãƒˆLinux)ãªã®ã«ã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯è¨å®šã ã‘コンテナã®ä¸ãŒè¦‹ãˆã‚‹ã€ã¨ã„ã†é¢ç™½ã„状態ã«ãªã‚Šã¾ã™ã€‚
netnsã‚’æ“作ã™ã‚‹å®šç•ªãƒ„ールã¯ipコマンドã§ã™ãŒã€ã“ã®ã‚³ãƒ³ãƒ†ãƒŠã®netnsã‚’ipコマンドã§ç®¡ç†ã§ãるよã†ã«ã¡ã‚‡ã£ã¨ã—ãŸä»•è¾¼ã¿ã‚’ã—ã¾ã™ã€‚ã¾ãšã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã§èµ·å‹•ã—ã¦ã„ã‚‹bashã®ãƒ›ã‚¹ãƒˆLinux上ã§ã®PIDを調ã¹ã¾ã™ã€‚dockerデーモンã®åプãƒã‚»ã‚¹ã®bashを探ã›ã°OKã§ã™ã€‚
# ps -ef | grep "docker -[d]" root 9498 1 0 13:17 ? 00:00:02 /usr/bin/docker -d # ps -ef | grep bash | grep 9498 root 10170 9498 0 18:00 pts/2 00:00:00 /bin/bash
ã“ã®ãƒ—ãƒã‚»ã‚¹ã®/procæƒ…å ±ã®ä¸ã«ã€ã“ã®ãƒ—ãƒã‚»ã‚¹ãŒå±žã™ã‚‹netnsã‚’æ“作ã™ã‚‹FDã¸ã®ãƒªãƒ³ã‚¯ãŒã‚ã‚Šã¾ã™ã€‚
# ls -l /proc/10170/ns/net lrwxrwxrwx. 1 root root 0 4月 24 18:01 /proc/10170/ns/net -> net:[4026532160]
/var/run/netns/以下ã‹ã‚‰ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ã‚’張るã¨ã€ipコマンド管ç†ä¸‹ã®netnsã¨ã—ã¦èªè˜ã•ã‚Œã¾ã™ã€‚
# ln -s /proc/10170/ns/net /var/run/netns/hoge # ip netns hoge
ã“ã“ã¾ã§ãã‚Œã°ã€Neutronã®ãƒ‡ãƒãƒƒã‚°ã§é›ãˆãŸip netnsを駆使ã—ã¦ã‚„り放題ã§ã™ã。ã“ã®netns内部ã§bashã‚’èµ·å‹•ã—ã¾ã™ã€‚
# ip netns exec hoge bash
次ã®ã‚ˆã†ã«ã‚³ãƒ³ãƒ†ãƒŠå†…ã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ç’°å¢ƒãŒä¸¸è¦‹ãˆã§ã™ã€‚
# ifconfig eth0
eth0: flags=67<UP,BROADCAST,RUNNING> mtu 1500
inet 172.17.0.2 netmask 255.255.0.0 broadcast 0.0.0.0
inet6 fe80::8874:a6ff:fe1c:1b2a prefixlen 64 scopeid 0x20<link>
ether 8a:74:a6:1c:1b:2a txqueuelen 1000 (Ethernet)
RX packets 8 bytes 648 (648.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 648 (648.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.17.42.1 0.0.0.0 UG 0 0 0 eth0
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0ã‚ãã¾ã§ã€netnsã ã‘を切り替ãˆã¦ã„ã‚‹ã®ã§ã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ä»¥å¤–ã®ç’°å¢ƒï¼ˆãƒ•ã‚¡ã‚¤ãƒ«ã‚·ã‚¹ãƒ†ãƒ やプãƒã‚»ã‚¹ãƒ†ãƒ¼ãƒ–ル)ã¯ã€ãƒ›ã‚¹ãƒˆLinuxã¨åŒã˜çŠ¶æ…‹ã§ã‚る点ã«æ³¨æ„ã—ã¦ãã ã•ã„。bashを終了ã™ã‚‹ã¨ã€ãƒ›ã‚¹ãƒˆLinuxã®ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ç’°å¢ƒã«æˆ»ã‚Šã¾ã™ã€‚
# exit
DockerãŒã‚³ãƒ³ãƒ†ãƒŠã‚’作るタイミングã§ã€ãƒ›ã‚¹ãƒˆLinuxå´ã‹ã‚‰æ¬¡ã®ã‚ˆã†ãªæ“作をã—ã¦ã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã®IPアドレスをè¨å®šã—ã¦ã„ã‚‹ã‚‚ã®ã¨è€ƒãˆã‚‰ã‚Œã¾ã™ã€‚
・ホストLinuxå´ã§vethペアを作æˆã™ã‚‹ã€‚
・ãã®ç‰‡å‰²ã‚Œã‚’コンテナã®netnsã«çªã£è¾¼ã‚“ã§ã€ã‚³ãƒ³ãƒ†ãƒŠã‹ã‚‰eth0ã¨ã—ã¦è¦‹ãˆã‚‹ã‚ˆã†ã«ã™ã‚‹ã€‚
・コンテナã®netnsã«å…¥ã‚Šè¾¼ã‚“ã§ã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã®eth0ã«IPアドレスをセットã™ã‚‹ã€‚
コンテナã«NICã‚’è¿½åŠ ã™ã‚‹
å‰è¿°ã®æ‰‹æ³•ã‚’応用ã™ã‚‹ã¨ã€èµ·å‹•ä¸ã®ã‚³ãƒ³ãƒ†ãƒŠã«å¯¾ã—ã¦ã€ãƒ›ã‚¹ãƒˆLinux上ã§vethペアを作æˆã—ã¦ã€å¾Œã‹ã‚‰ã‚³ãƒ³ãƒ†ãƒŠã«NICã‚’è¿½åŠ ã™ã‚‹ã“ã¨ãŒã§ãã¦ã—ã¾ã†æ°—ã‚‚ã—ã¾ã™ã€‚è«–ã‚ˆã‚Šè¨¼æ‹ ã§ã€å®Ÿéš›ã«ã‚„ã£ã¦ã¿ã¾ã—ょã†ã€‚
目標ã¯ã“ã‚“ãªæ„Ÿã˜ã§ã™ã€‚ブリッジ「br0ã€ãŒå®™ã«æµ®ã„ã¦ã„ã¾ã™ãŒã€ã“れを物ç†NICã«æŽ¥ç¶šã™ã‚Œã°ã€ã‚³ãƒ³ãƒ†ãƒŠã¨å¤–部ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚’ç›´çµã™ã‚‹ã“ã¨ãŒå¯èƒ½ã«ãªã‚Šã¾ã™ã€‚
ã¾ãšãƒ–リッジ「br0ã€ã‚’作æˆã—ã¾ã™ã€‚
# brctl addbr br0 # ip link set br0 up # ip addr add 192.168.200.1/24 dev br0
続ã„ã¦ã€vethã®ãƒšã‚¢ã‚’作æˆã—ã¾ã™ã€‚ã“ã“ã§ã¯ã€[veth-host]----[veth-guest]ã¨ã„ã†åå‰ã§ä½œæˆã—ãŸä¸Šã§ã€ãƒ›ã‚¹ãƒˆå´ï¼ˆveth-host)をbr0ã«æŽ¥ç¶šã—ã¾ã™ã€‚
# ip link add name veth-host type veth peer name veth-guest
# ip link set veth-host up
# brctl addif br0 veth-host
# brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.b638185b3372 no veth-host
# ifconfig veth-host
veth-host: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether b6:38:18:5b:33:72 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
# ifconfig veth-guest
veth-guest: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether d6:52:68:0a:1d:0e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ã“ã®æ™‚点ã§ã¯ã‚²ã‚¹ãƒˆå´ã®veth-guestも見ãˆã¦ã„ã¾ã™ãŒã€æ¬¡ã®ã‚³ãƒžãƒ³ãƒ‰ã§ã‚³ãƒ³ãƒ†ãƒŠã®netnsã«çªã£è¾¼ã‚€ã¨ã€ãƒ›ã‚¹ãƒˆã‹ã‚‰ã¯è¦‹ãˆãªããªã‚Šã¾ã™ã€‚
# ip link set veth-guest netns hoge # ifconfig veth-guest veth-guest: error fetching interface information: Device not found
逆ã«ã‚³ãƒ³ãƒ†ãƒŠå´ã§ã€veth-guestãŒè¦‹ãˆã‚‹ã‚ˆã†ã«ãªã£ã¦ã„ã¾ã™ã€‚
bash-4.1# ifconfig veth-guest
veth-guest Link encap:Ethernet HWaddr D6:52:68:0A:1D:0E
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)続ã„ã¦ã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã®NICã®è¨å®šã‚’è¡Œã„ã¾ã™ã€‚ã“れもã€å…ˆã»ã©ã®ã€Œip netns execã€ã‚’駆使ã—ã¦ãƒ›ã‚¹ãƒˆå´ã§è¡Œã„ã¾ã™ã€‚ã¾ãšã€ã‚³ãƒ³ãƒ†ãƒŠå†…ã§ã®ãƒ‡ãƒã‚¤ã‚¹åを「eth1ã€ã«å¤‰æ›´ã—ã¾ã™ã€‚
# ip netns exec hoge ip link set veth-guest name eth1
「eth1ã€ã«å¯¾ã™ã‚‹IPã®è¨å®šã‚’è¡Œã„ã¾ã™ã€‚ルーティングテーブルも変更ã—ã¦ã€eth1å´ã‚’デフォルトゲートウェイã«ã—ã¾ã™ã€‚
# ip netns exec hoge ip addr add 192.168.200.101/24 dev eth1 # ip netns exec hoge ip link set eth1 up # ip netns exec hoge ip route delete default # ip netns exec hoge ip route add default via 192.168.200.1
ã“ã‚Œã§å®Œæˆã§ã™ã€‚ホストã‹ã‚‰pingも通りã¾ã™ã€‚
# ping -c1 192.168.200.101 PING 192.168.200.101 (192.168.200.101) 56(84) bytes of data. 64 bytes from 192.168.200.101: icmp_seq=1 ttl=64 time=0.082 ms --- 192.168.200.101 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.082/0.082/0.082/0.000 ms
コンテナ内ã§ã¯æ¬¡ã®ã‚ˆã†ã«è¨å®šã•ã‚Œã¦ã„ã¾ã™ã€‚
bash-4.1# ifconfig eth1
eth1 Link encap:Ethernet HWaddr D6:52:68:0A:1D:0E
inet addr:192.168.200.101 Bcast:0.0.0.0 Mask:255.255.255.0
inet6 addr: fe80::d452:68ff:fe0a:1d0e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:648 (648.0 b)
bash-4.1# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.200.1 0.0.0.0 UG 0 0 0 eth1
172.17.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1ã™ã°ã‚‰ã—ã„。。。。。
ã¡ãªã¿ã«ã‚³ãƒ³ãƒ†ãƒŠã‚’åœæ¢ã™ã‚‹ã¨ã€å¾Œã‹ã‚‰è¿½åŠ ã—ãŸvethペアもã†ã¾ã消ã—ã¦ãれるよã†ã§ã™ã€‚ãŸã ã—ã€/var/run/netns以下ã®ã‚·ãƒ³ãƒœãƒªãƒƒã‚¯ãƒªãƒ³ã‚¯ãŒæ®‹ã‚‹ã®ã§ã€ã“ã‚Œã¯æ‰‹ã§å‰Šé™¤ã™ã‚‹å¿…è¦ãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã¯ã€ã€Œip netnsã€ã§æ“作ã™ã‚‹ãŸã‚ã ã‘ã«å¿…è¦ãªã®ã§ã€ä¸Šè¨˜ã®è¨å®šãŒçµ‚ã‚ã£ãŸã‚¿ã‚¤ãƒŸãƒ³ã‚°ã§ã™ãã«å‰Šé™¤ã—ã¦ã‚‚構ã‚ãªã„ã§ã—ょã†ã€‚
ã§ã€‚。。。
実ã¯ã€ä¸Šè¨˜ã®ä½œæ¥ã‚’全部やã£ã¦ãれるシェルスクリプト(pipework)ãŒã™ã§ã«å…¬é–‹ã•ã‚Œã¦ã¾ã™ã€‚興味ã®ã‚ã‚‹æ–¹ã¯ã€ã‚¹ã‚¯ãƒªãƒ—トã®ä¸èº«ã‚’èªã¿è§£ã„ã¦ã¿ã¦ãã ã•ã„。
